author | Matthias Schiffer <matthias@gamezock.de> | 2009-08-27 18:39:44 +0200 |
---|---|---|
committer | Matthias Schiffer <matthias@gamezock.de> | 2009-08-27 18:39:44 +0200 |
commit | 96b69222fa0c22d0eaefaae291e78913b2ae13e9 (patch) | |
tree | 335a7f4706db8c4fa71eea0f250215565dd17aea | |
parent | 82ef58fb3d0bdf6ce7d13f42cca30d03b24973c6 (diff) | |
AuthBackendChallengeResponse hinzugefügt
-rw-r--r-- | src/mad-server.conf | 1 | ||||
-rw-r--r-- | src/madc.cpp | 11 | ||||
-rw-r--r-- | src/modules/AuthBackendChallengeResponse/AuthBackendChallengeResponse.cpp | 76 | ||||
-rw-r--r-- | src/modules/AuthBackendChallengeResponse/AuthBackendChallengeResponse.h | 90 | ||||
-rw-r--r-- | src/modules/AuthBackendChallengeResponse/CMakeLists.txt | 8 | ||||
-rw-r--r-- | src/modules/AuthBackendChallengeResponse/Module.cpp | 30 | ||||
-rw-r--r-- | src/modules/AuthBackendChallengeResponse/Module.h | 52 | ||||
-rw-r--r-- | src/modules/AuthBackendPassword/AuthBackendPassword.cpp | 4 | ||||
-rw-r--r-- | src/modules/CMakeLists.txt | 1 |
9 files changed, 270 insertions, 3 deletions
diff --git a/src/mad-server.conf b/src/mad-server.conf index ff8249c..1ea3f70 100644 --- a/src/mad-server.conf +++ b/src/mad-server.conf @@ -1,5 +1,6 @@ LoadModule "FileLogger" +LoadModule "AuthBackendChallengeResponse" LoadModule "AuthBackendPassword" LoadModule "AuthProviderFile" diff --git a/src/madc.cpp b/src/madc.cpp index 5f6039d..0f4639d 100644 --- a/src/madc.cpp +++ b/src/madc.cpp @@ -31,6 +31,7 @@ #include "Client/CommandParser.h" #include "Client/InformationManager.h" #include "Client/PasswordReader.h" +#include "Client/Authenticators/ChallengeResponseAuthenticator.h" #include "Client/Authenticators/PasswordAuthenticator.h" #include <iostream> @@ -80,7 +81,15 @@ int main(int argc, char *argv[]) { std::getline(std::cin, username); password = Client::PasswordReader::readPassword("Password: "); - Client::Authenticators::PasswordAuthenticator::authenticate(&application, connection, username, password); + try { + Client::Authenticators::ChallengeResponseAuthenticator::authenticate(&application, connection, username, password); + } + catch(Core::Exception e) { + if(e.getErrorCode() != Core::Exception::NOT_AVAILABLE) + throw e; + + Client::Authenticators::PasswordAuthenticator::authenticate(&application, connection, username, password); + } } std::cerr << "Login successful." << std::endl << std::endl; diff --git a/src/modules/AuthBackendChallengeResponse/AuthBackendChallengeResponse.cpp b/src/modules/AuthBackendChallengeResponse/AuthBackendChallengeResponse.cpp new file mode 100644 index 0000000..39f2672 --- /dev/null +++ b/src/modules/AuthBackendChallengeResponse/AuthBackendChallengeResponse.cpp 
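Review bot: The fallback added to `main()` in src/madc.cpp lets the peer pick the weaker method: any server that answers the challenge-response attempt with `NOT_AVAILABLE` causes the client to hand the same password to `PasswordAuthenticator` without telling the user. What that authenticator puts on the wire is outside this hunk, so the exposure depends on it and on the transport, but the downgrade should at least be visible or opt-in, e.g. a notice on `std::cerr` before the second `authenticate` call. Separately, `catch(Core::Exception e)` copies the exception and `throw e;` rethrows the copy, which slices any derived exception; `catch(const Core::Exception &e)` with a bare `throw;` keeps the original object.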
@@ -0,0 +1,76 @@
+/*
+ * AuthBackendChallengeResponse.cpp
+ *
+ * Copyright (C) 2009 Matthias Schiffer <matthias@gamezock.de>
+ *
+ * This program is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along
+ * with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "AuthBackendChallengeResponse.h"
+
+#include <Common/Hash.h>
+
+namespace Mad {
+namespace Modules {
+namespace AuthBackendChallengeResponse {
+
+const std::string AuthBackendChallengeResponse::methodName = "Challenge-Response";
+
+AuthBackendChallengeResponse::AuthContextChallengeResponse::AuthContextChallengeResponse(AuthBackendChallengeResponse *backend) : authenticated(false) {
+ challenge.reserve(20);
+
+ for(int i = 0; i < 20; ++i)
+ challenge.push_back(backend->randomGenerator());
+}
+
+boost::shared_ptr<Common::AuthContext> AuthBackendChallengeResponse::authenticate(boost::shared_ptr<Common::AuthProvider> provider, const std::string &subMethod,
+ const std::string &user, const std::vector<boost::uint8_t> &data, std::vector<boost::uint8_t> &response,
+ boost::shared_ptr<Common::AuthContext> context) throw(Core::Exception) {
+ if(context && dynamic_cast<AuthContextChallengeResponse*>(context.get()) == 0)
+ throw(Core::Exception(Core::Exception::INVALID_INPUT));
+
+ std::vector<std::string> allowedMethods = getSubMethods(provider);
+ if(std::find(allowedMethods.begin(), allowedMethods.end(), subMethod) == allowedMethods.end())
+ throw(Core::Exception(Core::Exception::INVALID_INPUT));
+
+ if(!context) {
+ boost::shared_ptr<AuthContextChallengeResponse> contextCR(new AuthContextChallengeResponse(this));
+ context = contextCR;
+
+ response.insert(response.end(), contextCR->challenge.begin(), contextCR->challenge.end());
+ }
+ else {
+ boost::shared_ptr<AuthContextChallengeResponse> contextCR = boost::dynamic_pointer_cast<AuthContextChallengeResponse>(context);
+
+ std::vector<boost::uint8_t> password = provider->getPassword(user, subMethod);
+ if(password.empty())
+ throw Core::Exception(Core::Exception::AUTHENTICATION);
+
+ password.insert(password.end(), contextCR->challenge.begin(), contextCR->challenge.end());
+
+ password = Common::Hash::hash(password, subMethod);
+
+ if(password.size() != data.size() || !std::equal(password.begin(), password.end(), data.begin()))
+ throw Core::Exception(Core::Exception::AUTHENTICATION);
+
+ contextCR->authenticated = true;
+ }
+
+
+ return context;
+}
+
+}
+}
+}
diff --git a/src/modules/AuthBackendChallengeResponse/AuthBackendChallengeResponse.h b/src/modules/AuthBackendChallengeResponse/AuthBackendChallengeResponse.h
new file mode 100644
index 0000000..782f441
--- /dev/null
+++ b/src/modules/AuthBackendChallengeResponse/AuthBackendChallengeResponse.h
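Review bot: In the `else` branch of `authenticate`, the bytes returned by `provider->getPassword(user, subMethod)` are used directly as the shared secret, so whatever the provider stores (presumably the password hash for `subMethod`) is enough to compute a valid response without the plaintext password. That trade-off is undocumented; a comment above the call such as `// The stored value is the shared secret: read access to the provider's store is equivalent to knowing the password for this method.` would make it explicit for whoever deploys a provider. The final check also uses `std::equal`, which stops at the first differing byte; after the size check, accumulating `diff |= password[i] ^ data[i]` over the full length and testing `diff != 0` gives a comparison whose duration does not depend on the data.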
@@ -0,0 +1,90 @@
+/*
+ * AuthBackendChallengeResponse.h
+ *
+ * Copyright (C) 2008 Matthias Schiffer <matthias@gamezock.de>
+ *
+ * This program is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along
+ * with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef MAD_MODULES_AUTHBACKENDCHALLENGERESPONSE_AUTHBACKENDCHALLENGERESPONSE_H_
+#define MAD_MODULES_AUTHBACKENDCHALLENGERESPONSE_AUTHBACKENDCHALLENGERESPONSE_H_
+
+#include "../export.h"
+
+#include <Common/AuthBackend.h>
+#include <Common/AuthContext.h>
+#include <Common/AuthProvider.h>
+#include <Common/Application.h>
+
+#include <boost/random/mersenne_twister.hpp>
+#include <boost/random/uniform_int.hpp>
+#include <boost/random/variate_generator.hpp>
+
+
+namespace Mad {
+namespace Modules {
+namespace AuthBackendChallengeResponse {
+
+class MAD_MODULE_EXPORT AuthBackendChallengeResponse : public Common::AuthBackend, private boost::noncopyable {
+ private:
+ class AuthContextChallengeResponse : public Common::AuthContext {
+ private:
+ friend class AuthBackendChallengeResponse;
+
+ bool authenticated;
+ std::vector<boost::uint8_t> challenge;
+
+ AuthContextChallengeResponse(AuthBackendChallengeResponse *backend);
+
+ protected:
+ virtual bool isAuthenticated() const {
+ return authenticated;
+ }
+ };
+
+ static const std::string methodName;
+
+ Common::Application *application;
+
+ boost::mt19937 rng;
+ boost::uniform_int<boost::uint8_t> byteDistribution;
+ boost::variate_generator<boost::mt19937&, boost::uniform_int<boost::uint8_t> > randomGenerator;
+
+
+ protected:
+ virtual const std::string& getMethodName() const {
+ return methodName;
+ }
+
+ virtual std::vector<std::string> getSubMethods(boost::shared_ptr<Common::AuthProvider> provider) const {
+ std::vector<std::string> ret;
+ ret.push_back(provider->getHashes().front());
+
+ return ret;
+ }
+
+ virtual boost::shared_ptr<Common::AuthContext> authenticate(boost::shared_ptr<Common::AuthProvider> provider, const std::string &subMethod,
+ const std::string &user, const std::vector<boost::uint8_t> &data, std::vector<boost::uint8_t> &response,
+ boost::shared_ptr<Common::AuthContext> context) throw(Core::Exception);
+
+ public:
+ AuthBackendChallengeResponse(Common::Application *application0)
+ : application(application0), byteDistribution(0, 255), randomGenerator(rng, byteDistribution) {}
+};
+
+}
+}
+}
+
+#endif /* MAD_MODULES_AUTHBACKENDCHALLENGERESPONSE_AUTHBACKENDCHALLENGERESPONSE_H_ */
diff --git a/src/modules/AuthBackendChallengeResponse/CMakeLists.txt b/src/modules/AuthBackendChallengeResponse/CMakeLists.txt
new file mode 100644
index 0000000..9dfd7ba
--- /dev/null
+++ b/src/modules/AuthBackendChallengeResponse/CMakeLists.txt
@@ -0,0 +1,8 @@
+include_directories(${INCLUDES})
+
+mad_module(AuthBackendChallengeResponse
+ Module.cpp Module.h
+ AuthBackendChallengeResponse.cpp AuthBackendChallengeResponse.h
+)
+
+mad_module_libraries(AuthBackendChallengeResponse)
diff --git a/src/modules/AuthBackendChallengeResponse/Module.cpp b/src/modules/AuthBackendChallengeResponse/Module.cpp
new file mode 100644
index 0000000..f2fa0c2
--- /dev/null
+++ b/src/modules/AuthBackendChallengeResponse/Module.cpp
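Review bot: In AuthBackendChallengeResponse.h, `boost::mt19937 rng` is default-constructed and never seeded in the constructor's initializer list, so every server process produces the same sequence of 20-byte challenges, and Mersenne Twister output is predictable from observed values in any case. A challenge that repeats or can be predicted allows a previously captured response to be accepted again, which removes the replay protection this method is meant to add. The challenge bytes should come from a non-deterministic source instead, for example `boost::random_device` in place of `rng`, with `byteDistribution` applied to it. Also, `getSubMethods` calls `provider->getHashes().front()` without checking for an empty list, which is undefined behaviour if a provider reports no hashes; returning an empty `ret` in that case avoids it.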
@@ -0,0 +1,30 @@
+/*
+ * Module.cpp
+ *
+ * Copyright (C) 2009 Matthias Schiffer <matthias@gamezock.de>
+ *
+ * This program is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along
+ * with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "../export.h"
+
+#include "Module.h"
+
+extern "C" {
+
+MAD_MODULE_EXPORT Mad::Common::Module* AuthBackendChallengeResponse_create(Mad::Common::Application *application) {
+ return new Mad::Modules::AuthBackendChallengeResponse::Module(application);
+}
+
+}
diff --git a/src/modules/AuthBackendChallengeResponse/Module.h b/src/modules/AuthBackendChallengeResponse/Module.h
new file mode 100644
index 0000000..7a5891b
--- /dev/null
+++ b/src/modules/AuthBackendChallengeResponse/Module.h
@@ -0,0 +1,52 @@
+/*
+ * Module.h
+ *
+ * Copyright (C) 2009 Matthias Schiffer <matthias@gamezock.de>
+ *
+ * This program is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along
+ * with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef MAD_MODULES_AUTHBACKENDCHALLENGERESPONSE_MODULE_H_
+#define MAD_MODULES_AUTHBACKENDCHALLENGERESPONSE_MODULE_H_
+
+#include "AuthBackendChallengeResponse.h"
+
+#include <Common/Module.h>
+#include <Common/AuthManager.h>
+
+namespace Mad {
+namespace Modules {
+namespace AuthBackendChallengeResponse {
+
+class Module : public Common::Module {
+ private:
+ Common::Application *application;
+
+ boost::shared_ptr<AuthBackendChallengeResponse> backend;
+
+ public:
+ Module(Common::Application *application0) : application(application0), backend(new AuthBackendChallengeResponse(application)) {
+ application->getAuthManager()->registerBackend(backend);
+ }
+
+ virtual ~Module() {
+ application->getAuthManager()->unregisterBackend(backend);
+ }
+};
+
+}
+}
+}
+
+#endif /* MAD_MODULES_AUTHBACKENDCHALLENGERESPONSE_MODULE_H_ */
diff --git a/src/modules/AuthBackendPassword/AuthBackendPassword.cpp b/src/modules/AuthBackendPassword/AuthBackendPassword.cpp
index 7e5aca9..1b38002 100644
--- a/src/modules/AuthBackendPassword/AuthBackendPassword.cpp
+++ b/src/modules/AuthBackendPassword/AuthBackendPassword.cpp
@@ -28,14 +28,14 @@ const std::string AuthBackendPassword::methodName = "Password"; boost::shared_ptr<Common::AuthContext> AuthBackendPassword::authenticate(boost::shared_ptr<Common::AuthProvider> provider, const std::string &subMethod, const std::string &user, const std::vector<boost::uint8_t> &data, std::vector<boost::uint8_t>& /*response*/, boost::shared_ptr<Common::AuthContext> context) throw(Core::Exception) { - if(context.get() != 0 && dynamic_cast<AuthContextPassword*>(context.get()) == 0) + if(context && dynamic_cast<AuthContextPassword*>(context.get()) == 0) throw(Core::Exception(Core::Exception::INVALID_INPUT)); std::vector<std::string> allowedMethods = getSubMethods(provider); if(std::find(allowedMethods.begin(), allowedMethods.end(), subMethod) == allowedMethods.end()) throw(Core::Exception(Core::Exception::INVALID_INPUT)); - if(context.get() == 0) + if(!context) context.reset(new AuthContextPassword); if(!provider->checkPassword(user, data, subMethod)) diff --git a/src/modules/CMakeLists.txt b/src/modules/CMakeLists.txt index 0e198f8..e87d6af 100644 --- a/src/modules/CMakeLists.txt +++ b/src/modules/CMakeLists.txt @@ -33,6 +33,7 @@ macro(mad_module_libraries name) endif(WITH_${upper_name}) endmacro(mad_module_libraries) +add_subdirectory(AuthBackendChallengeResponse) add_subdirectory(AuthBackendPassword) add_subdirectory(AuthProviderFile) add_subdirectory(FileLogger) |